certificatewindows
I am trying to create client certifications against a Microsoft CA using the built in website. (Microsoft Active Directory Certificate Services) From what I can tell, you have to login as the user to create the corresponding certificate.
Is there any way to get around that? I tried to create my own template, duplicating the user template, but it doesn't match and gets rejected when trying to authenticate. Is this something I'd have to look at building?
I managed to figure it out! Because my company does not use issuance policies, there was nothing for the certificate to resolve to. So, to fix this, I changed the template from using issuance policies to using application policies.
To do this, open the properties of the certificate template.
Click the "Issuance Requirements" tab.
In the "Policy type required in signature:" dropdown, select "Application policy".
Next, in the "Application policy:" dropdown, select "Certificate Request Agent". This gives you the permissions to use that template.
Simply import the template onto the CA and you're done.
Best Answer
Just configure the group policy to "Auto-Enrol" the user/machine certificates
http://technet.microsoft.com/en-us/library/cc787781%28WS.10%29.aspx